Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.
References
| Link | Resource |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 | Third Party Advisory US Government Resource |
| https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf | Vendor Advisory |
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 | Third Party Advisory US Government Resource |
| https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
History
21 Nov 2024, 08:34
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.0 |
| References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 - Third Party Advisory, US Government Resource | |
| References | () https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf - Vendor Advisory |
06 Sep 2023, 20:13
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
| First Time |
Digi one Sp
Digi connectport Lts 8\/16\/32 Digi wr44 R Firmware Digi connect Sp Firmware Digi portserver Ts Firmware Digi one Sp Firmware Digi portserver Ts Digi connectport Ts 8\/16 Firmware Digi wr31 Firmware Digi portserver Ts Mei Firmware Digi one Sp Ia Digi connect Es Firmware Digi one Ia Firmware Digi transport Wr11 Xt Digi portserver Ts Mei Hardened Digi connect Sp Digi Digi portserver Ts Mei Hardened Firmware Digi portserver Ts Mei Digi wr21 Digi connectport Ts 8\/16 Digi connect Es Digi portserver Ts M Mei Digi cm Digi portserver Ts P Mei Firmware Digi realport Digi passport Digi portserver Ts P Mei Digi one Sp Ia Firmware Digi connectport Lts 8\/16\/32 Firmware Digi wr44 R Digi cm Firmware Digi transport Wr11 Xt Firmware Digi portserver Ts M Mei Firmware Digi wr21 Firmware Digi wr31 Digi passport Firmware Digi one Iap Firmware Digi one Iap Digi one Ia |
|
| References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04 - Third Party Advisory, US Government Resource | |
| References | (MISC) https://www.digi.com/getattachment/resources/security/alerts/realport-cves/Dragos-Disclosure-Statement.pdf - Vendor Advisory | |
| CPE | cpe:2.3:o:digi:passport_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:connectport_lts_8\/16\/32_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:digi:realport:*:*:*:*:*:linux:*:* cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:* cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:digi:one_sp_ia_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:wr31_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:one_sp_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:* cpe:2.3:h:digi:connect_sp:-:*:*:*:*:*:*:* cpe:2.3:o:digi:one_ia_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:* cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:* cpe:2.3:h:digi:passport:-:*:*:*:*:*:*:* cpe:2.3:o:digi:portserver_ts_mei_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:* cpe:2.3:a:digi:realport:*:*:*:*:*:windows:*:* cpe:2.3:o:digi:cm_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:connectport_ts_8\/16:-:*:*:*:*:*:*:* cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:* cpe:2.3:o:digi:portserver_ts_p_mei_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:one_iap:-:*:*:*:*:*:*:* cpe:2.3:h:digi:one_sp_ia:-:*:*:*:*:*:*:* cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:* cpe:2.3:h:digi:one_sp:-:*:*:*:*:*:*:* cpe:2.3:o:digi:portserver_ts_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:connect_sp_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:connectport_lts_8\/16\/32:-:*:*:*:*:*:*:* cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:* cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:wr21_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:wr44_r_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:* cpe:2.3:o:digi:transport_wr11_xt_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:portserver_ts_m_mei_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:digi:one_iap_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:* cpe:2.3:o:digi:connectport_ts_8\/16_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:* cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:* |
31 Aug 2023, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-31 21:15
Updated : 2024-11-21 08:34
NVD link : CVE-2023-4299
Mitre link : CVE-2023-4299
CVE.ORG link : CVE-2023-4299
JSON object : View
Products Affected
digi
- portserver_ts_mei
- wr21_firmware
- portserver_ts_m_mei
- wr31
- connectport_lts_8\/16\/32_firmware
- portserver_ts_m_mei_firmware
- portserver_ts_p_mei_firmware
- portserver_ts_mei_firmware
- one_ia
- connect_es
- cm_firmware
- transport_wr11_xt_firmware
- wr44_r
- connect_sp_firmware
- one_iap_firmware
- realport
- one_sp_ia
- wr31_firmware
- connectport_ts_8\/16
- portserver_ts_mei_hardened_firmware
- one_ia_firmware
- portserver_ts_mei_hardened
- cm
- connectport_lts_8\/16\/32
- portserver_ts_firmware
- connect_sp
- passport_firmware
- one_sp
- wr44_r_firmware
- wr21
- one_iap
- one_sp_ia_firmware
- connect_es_firmware
- connectport_ts_8\/16_firmware
- transport_wr11_xt
- passport
- portserver_ts_p_mei
- portserver_ts
- one_sp_firmware
CWE
CWE-836
Use of Password Hash Instead of Password for Authentication